Privacy Policy

1. INTRODUCTION Rai ("we", "our", or "us") respects your privacy and adopts technical and organizational measures to protect your personal information. We follow the principles of the LGPD (Brazil) and equivalent international data protection standards. By accessing and using the Rai platform ("Platform" or "Service"), you confirm that you have read, understood, and agree to this Privacy Policy. This Privacy Policy is publicly accessible at https://rai.fit/privacy and applies to all services offered under the Rai brand and domain. 2. DATA COLLECTION AND USE 2.1 Collected Data We collect only the data necessary to provide our services effectively and securely, including: • Profile information: name, age, gender, country, sports experience, and training objectives; • Activity data: distance, time, pace, heart rate, location, and similar training metrics; • Training history and interactions: personalized plans, chats, and usage patterns; • Account information: email address, authentication credentials, and related technical identifiers. 2.2 Sensitive Health Data Some optional features involve recording health-related information, such as menstrual cycle data. This data is classified as sensitive personal data under the LGPD and equivalent international data protection standards. There are two distinct and independent processing activities for this data, each with a separate consent basis: a) Storage of cycle data: recording is entirely optional and voluntary. By using the menstrual cycle tracking feature, you consent to the storage of that data as described in this Policy. You may stop using the feature and request deletion of your data at any time through the app settings or by emailing help@rai.fit. b) Use of derived signals for AI-powered training personalisation: by default, no cycle data is sent to artificial intelligence providers. This use only occurs if you explicitly enable the "Use cycle data to personalise training" option in the app settings. By enabling that option, you consent to the derivation of high-level signals (e.g. current cycle phase) and their inclusion in prompts sent to our AI providers, solely to personalise your training plans. Raw cycle data is never shared in full with external providers. You may revoke this consent at any time by disabling the option in the app settings. 2.3 Purpose of Data Use Your personal data is used exclusively for the following purposes: • Generating personalized training plans and recommendations; • Analyzing performance and adapting plans to individual needs; • Providing intelligent interactions and guidance; • Improving security, stability, and user experience (never for advertising or marketing purposes); • Communicating service-related updates. Important: We do not use your data to train or fine-tune artificial intelligence or machine learning models. Your information is used solely to generate personalized responses and recommendations within the Rai environment. 2.4 Consent By accepting these Terms of Use and this Privacy Policy at account creation, you consent to the processing of your common personal data as described herein. Consent for the processing of sensitive health data is obtained at two distinct moments: (i) when you voluntarily use the menstrual cycle tracking feature (consent to storage); and (ii) when you explicitly enable cycle-based training personalisation in the app settings (consent to use of derived signals in AI prompts). The second consent is independent of the first and may be revoked without affecting stored records. You may revoke either consent at any time, without affecting your access to the rest of the platform's services. 3. THIRD-PARTY SERVICES AND DATA HANDLING 3.1 Integrations The Platform may integrate with external services to enhance its functionality. These integrations are used exclusively to provide you with features such as importing activity data, synchronizing workouts, or generating personalized recommendations. 3.2 Data Sharing Policy • Personal data is not sold, traded, or shared with external parties for marketing or profiling purposes; • Data is shared only to the extent strictly necessary to deliver the Service you request and authorize; • All integrations operate under secure authentication and data protection standards; • External providers may have their own privacy policies, which users are encouraged to review before authorizing integration. 3.3 International Data Transfers Data may be processed on servers located in different countries, including Brazil and the United States. Regardless of location, the same protection standards described in this policy are applied consistently. Where sensitive health data is included in high-level signals sent to artificial intelligence providers located outside Brazil, this transfer occurs on the basis of your explicit authorization and applicable contractual safeguards, as required by the LGPD and equivalent international standards. 3.4 Compliance with Third-Party Integration Policies Rai fully complies with the data-use requirements and privacy policies of all third-party services it integrates with. • Data obtained via integrations is processed only to provide personalized analysis and recommendations to the user who authorized access; • Such data is never used to train AI models, redistributed, or made publicly available; • Each integration occurs via secure OAuth authorization and can be revoked at any time by the user. 4. DATA SECURITY AND STORAGE 4.1 Security Measures We employ industry-standard technical and organizational measures to safeguard your personal data, including: • Access control mechanisms: ensure that users can access only their own data within the system; • Encryption: personal data, credentials, and tokens are encrypted in transit and at rest; • Access logs: record critical operations for accountability and security; • Data minimization: we collect only the information strictly necessary for the Service; • Regular encrypted backups: to ensure data integrity and recovery capability. 4.2 Secure Storage Data is stored securely using trusted cloud providers that comply with international data protection regulations and maintain robust physical and digital safeguards. 5. USER RIGHTS As the data subject, you have the following rights regarding your personal data: • Access: obtain a copy of your stored information; • Correction: request correction of inaccurate data; • Deletion: request deletion of your data, where permitted by law; • Portability: request transfer of your data to another service; • Objection: object to specific types of data processing; • Revocation: withdraw consent for sensitive data processing or external service integrations at any time; • Information: obtain information about with whom your data has been shared; • Review: request review of automated decisions that affect your interests. Users may exercise these rights by contacting us at help@rai.fit. Requests will be evaluated and fulfilled in accordance with applicable data protection laws and the technical feasibility of the Service. You also have the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) in Brazil, or with the competent supervisory authority in your country of residence, if you believe your rights have been violated. 6. DATA RETENTION AND DELETION Your data is retained only for as long as necessary to provide the Service and fulfill legal obligations. Health data (e.g. menstrual cycle records) is retained while the user actively uses the corresponding features. Disabling cycle-based personalisation in the app settings does not automatically delete historical records — deletion must be requested separately, as described in sections 6.1 to 6.6 above. 6.1 Deletion Request You can request deletion of your account through the app settings or by email (help@rai.fit). 6.2 Waiting Period After the request, there is a waiting period before processing. During this period, your account remains active and you can cancel the request. 6.3 Anonymization Upon confirming deletion, we permanently anonymize your personally identifiable data, in compliance with the LGPD and equivalent international standards. 6.4 Retained Data Due to legal or tax obligations, some data may be retained in anonymized or aggregated form, without the possibility of personal identification. 6.5 Cancellation You can cancel the deletion while processing has not yet started. 6.6 Irreversibility After deletion is completed, personal data cannot be recovered. 7. LEGAL BASES FOR PROCESSING 7.1 Common personal data is processed on the basis of: • User consent (for integrations and optional features); • Performance of a contract (to provide training and related services); • Legitimate interest (to maintain service integrity and security, within the limits of Article 10 of the LGPD). 7.2 Sensitive personal data (including health data) is processed exclusively on the basis of: • Consent to storage: expressed by voluntarily using the menstrual cycle tracking feature. • Consent to AI personalisation: expressed by explicitly enabling the corresponding option in the app settings. This consent is independent and may be revoked without affecting stored records. Both consents are obtained pursuant to the LGPD and equivalent international data protection standards. No other legal basis is invoked for the processing of sensitive data. 8. CHILDREN'S PRIVACY We do not knowingly collect sensitive reproductive health data from individuals under 18 years of age. The menstrual cycle tracking feature is restricted to individuals aged 18 or older and is subject to server-side age verification, which blocks access for users under 18. If we become aware that a user under 18 has accessed the menstrual cycle feature, we will take steps to delete the associated data promptly. 9. POLICY UPDATES We may update this Privacy Policy periodically. In the event of significant changes — particularly those that expand the scope of sensitive data processing — users will be notified with reasonable advance notice. Continued use of the Service after such notice constitutes acceptance of the updated policy for common data. For features involving sensitive health data, personalisation remains disabled by default and requires explicit activation by the user in the app settings. That activation constitutes the expression of consent for the processing described in this Policy. The user may revoke this consent at any time by disabling the corresponding feature. 10. CONTACT If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: help@rai.fit Data controller: Rai Tecnologia Ltda. --- By using the Rai platform, you acknowledge that you have read, understood, and agree to this Privacy Policy, including the processing of any sensitive health data you choose to provide when using the platform's optional features.